# s36501.cc — MALICIOUS

> s36501.cc linked to active credential-theft phishing (VT 19/95 detections). Verify its legitimacy before interacting. Check the full report.

## Summary
On September 2, 2025, the domain s36501.cc was registered through DYNADOT LLC and is currently classified as an active credential-theft phishing threat at an elevated risk level.

PhishDestroy identifies this domain as a high-priority threat based on concrete indicators: VirusTotal shows 19 out of 95 security vendors flagged it, it resolves to 20.2.172.20, the SSL certificate was issued by Let’s Encrypt, and it is blocked by OpenPhish and PhishingArmy. The domain’s recent creation date and presence on multiple blocklists underscore its malicious intent.

Organizations and users should immediately block s36501.cc and inspect DNS logs for traffic to 20.2.172.20. For credential-theft phishing domains, avoid entering sensitive information and report any interactions to your internal security team. Conduct a security awareness review focusing on phishing tactics mimicking legitimate login portals.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-09-02 02:44:38
- Registrar: DYNADOT LLC
- IP: 20.2.172.20

## Detection Status
- VirusTotal: 19 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["OpenPhish", "PhishingArmy"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/0e95356c-8596-482f-ab5a-88b9bdb4a485
- PhishDestroy: https://phishdestroy.io/domain/s36501.cc/
- LLM endpoint: https://phishdestroy.io/domain/s36501.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/s36501.cc/
Last updated: 2026-03-31